Radware Report Shows Increased Cost of Cyber Attacks

Radware has released a report that reveals the cost of a cyber attack to businesses has increased by 52% in the past year.

Radware researchers surveyed 790 professionals across the globe in a variety of different roles, such as managers, network engineers, security engineers, CIOs, and CISOs. The survey probed issues that businesses had in protecting against cyber attacks, such as the cost of implementing a robust cybersecurity network. The study also asked the professionals to estimate the cost of cyber attacks to their organisation.

Radware is a New Jersey-based company that specialises in cybersecurity and application delivery solutions. The report, titled “2018-2019 Global Application and Network Security Report”, was released on January 15th.

The Cost of a Cyberattack

The Radware study asked respondents about the business cost of a successful cyber attack. The result was surprising: businesses reported the cost of a cyber attack to be $1.1 million, more than double what they had reported in 2017. Respondents who had a formalised calculation to determine the financial impact of a cyber attack reported the cost to be $1.7 million, compared to $880,000 for those with no formal calculation.

For organisations with fewer than 1,000 employees, the average cost of a cyber attack was estimated to be $450,000. That rose to $1.1 million for enterprises with between 1,000 and 10,000 employees, and $2.1 million for large corporations with more than 10,000 employees.

The average cost of a successful cyber attack on a healthcare organisation was determined to be $1.43 million. Fortunately, most healthcare organisations (82%) had a breach response plan in place, which can limit the cost of a cyber attack.

The Radware report notes that the estimates do not include direct costs such as extended labour, investigations, and the development of software patches; indirect costs such as the hiring of technical consultants, legal expenses, and stock price drops; and costs associated with the prevention of future cyber attacks.

Some effects of a cyber attack are difficult to quantify; lost revenue, brand reputation damage, and loss of customers are all real possibilities after a data breach. Radware notes that following a successful cyber attack, 43% of respondents said there had been a negative customer experience, 37% suffered brand reputation damage, and 23% reported a loss of customers.

“The cost of cyber attacks is simply too great to not succeed in mitigating every threat, every time,” explained Radware. “Customer trust is obliterated in moments, and the impact is significant on brand reputation and costs to win back business.”

The Changing Landscape of Cyberattacks

The vast majority of firms surveyed (93%) stated that they had experienced a cyber attack in the past 12 months. Ransomware, a particular type of phishing attack, and other extortion-based campaigns accounted for 51% of all attacks. This is down from 2017 when 60% of cyber attacks involved ransoms. The report attributes this reduction to cybercriminals switching from ransomware to cryptocurrency mining malware as a means of making easy money.

The next most common causes of attacks were insider threats (27%), attacks by competitors (26%), cyberwar (19%), and angry users (18%).

The primary aims of the attacks were service disruption (45%), data theft (35%), and espionage (3%). Nearly a third of attacks (31%) were political in nature, or involved “hacktivists”. This figure is down from 34% in 2017. Researchers were unable to discern the motive for 31% of attacks, which demonstrates that attackers are now more purposeful about hiding their motives.

A fifth of all respondents said that their businesses suffered daily cyber attacks. This figure is a 62% increase on the 2017 number. Only 13% of respondents reported weekly attacks, and 13% monthly attacks. A further 27% experienced one or two attacks in the past year, and 19% were unsure how many times they had been attacked.

The government sector was the industry most targeted by cybercriminals. The healthcare sector came in second place, with 39% of healthcare organisations reporting that they had to fend off daily or weekly cyber attacks by hackers. Only 6% of healthcare organisations claimed they had not been attacked in the past year.

Organisations were questioned about the most common types of campaigns used in cyber attacks. Just over three-quarters of organisations reported that malware and bots had been used. Social engineering attacks such as phishing were the second most common category, reported by 65% of respondents. The next most common types of attack were DDoS attacks (reported by 53% of respondents), web application attacks (42%), ransom threats (38%), and cryptocurrency miners (20%).

Respondents from healthcare organisations felt they were best prepared for phishing and other social engineering attacks (58%), malware, bots and DDoS attacks (55%), and web application attacks (52%). Only 39% felt they were well prepared to deal with ransomware attacks and advanced persistent threats.

“While threat actors only have to be successful once, organisations must be successful in their attack mitigation 100% of the time,” said Anna Convery-Pelletier, Chief Marketing Officer for Radware. “A cyber attack resulting in service disruption or a breach can have devastating business impacts. In either case, you are left with an erosion of trust between a brand and its constituency.”